Extreme Networks

Hello all, thank you for your patience, our security team has updated the vulnerability notice today. Could you please let me know if the new additions address your questions? If not, please let me know and I’ll forward your questions on to the security team working on this. 

I’m a little bit confused that Extreme is still evaluating if some products are affected by these issues. Especially the older products like IdentiFi oder WLAN9100, which are still under service and for which they still receive money from customers for service and support…

Regarding https://www.fragattacks.com/ there was a 10 month disclosure period, managed by the WiFi-Alliance for manufacturers to test their equipment and produce patches. Extreme is Contributor in the WiFi-Alliance. So my colleagues, my boss and my customers, which are using these older stuff, and I are all asking ourselves one question: “What the hell did Extreme do in this period?”

Can someone from Extreme give me an official statement what had happened here exactly, that Extreme is still evaluating stuff and cannot give a clear statement if some products are affected by the CVEs? I mean, it’s not rocket science to test if a component is affected. The security engineer published a test-tool on GitHub. I’ve even tested my private equipment at home with it…

Hey all, I’m told in the vulnerability notice that IdentiFi = ExtremeWireless. They are still working out whether or not ExtremeWireless products are affected by this issue. 

The release for 10.3r3 is currently scheduled for early to mid month this month, barring any unforeseen set backs before then. 

Is there a release date for IQ Engine 10.3r3 for Wave 1 and Wave 2 AC (AP230 & AP250)?